MalRank

Najafi, Pejman; Mühle, Alexander; Pünter, Wenzel; Cheng, Feng; Meinel, Christoph

doi:10.1145/3359789.3359791

Cited by 28 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zou, et al [19] constructed a client-domain-IP graph and leveraged a propagation algorithm to discover malicious nodes. Najafi, et al, instead proposed the MalRank system [25], which uses information collected by an enterprise's internal SIEM, derived from, for example, proxy, DNS, and DNCP logs, to construct a knowledge graph that identifies malicious entities by calculating and iterating a malicious score over the entities in the knowledge graph. Lei, et al [17] built three domain relation graphs and leveraged the graph embedding technique to obtain features.…”

Section: Graph-based Methodsmentioning

confidence: 99%

AGCN-Domain: Detecting Malicious Domains with Graph Convolutional Network and Attention Mechanism

Luo,

Li,

Cheng

et al. 2024

Mathematics

View full text Add to dashboard Cite

Domain Name System (DNS) plays an infrastructure role in providing the directory service for mapping domains to IPs on the Internet. Considering the foundation and openness of DNS, it is not surprising that adversaries register massive domains to enable multiple malicious activities, such as spam, command and control (C&C), malware distribution, click fraud, etc. Therefore, detecting malicious domains is a significant topic in security research. Although a substantial quantity of research has been conducted, previous work has failed to fuse multiple relationship features to uncover the deep underlying relationships between domains, thus largely limiting their level of performance. In this paper, we proposed AGCN-Domain to detect malicious domains by combining various relations. The core concept behind our work is to analyze relations between domains according to their behaviors in multiple perspectives and fuse them intelligently. The AGCN-Domain model utilizes three relationships (client relation, resolution relation, and cname relation) to construct three relationship feature graphs to extract features and intelligently fuse the features extracted from the graphs through an attention mechanism. After the relationship features are extracted from the domain names, they are put into the trained classifier to be processed. Through our experiments, we have demonstrated the performance of our proposed AGCN-Domain model. With 10% initialized labels in the dataset, our AGCN-Domain model achieved an accuracy of 94.27% and the F1 score of 87.93%, significantly outperforming other methods in the comparative experiments.

show abstract

Section: Graph-based Methodsmentioning

confidence: 99%

AGCN-Domain: Detecting Malicious Domains with Graph Convolutional Network and Attention Mechanism

Luo,

Li,

Cheng

et al. 2024

Mathematics

View full text Add to dashboard Cite

show abstract

“…While such representations are not mapped directly to knowledge graphs, there is a clear link between them. For example, the MITRE ATT&CK 33 framework, which constitutes an industry standard knowledge base of adversary tactics and techniques based on real-world observations, is typically represented as a matrix by default; its concepts and relationships can also be represented as a graph.…”

Section: Knowledge Graph-based Koses For Cybersecurity Applicationsmentioning

confidence: 99%

“…When cyber-knowledge graphs are used to represent cyber-knowledge, whether entities derived from logs or cyberthreat intelligence (which MAC address requested access to which IP or domain, an IP is in which IP address space assigned to which autonomous system, etc. ), cyberthreat detection in SOC/SIEM environments can be formulated as a large-scale graph inference problem [33]. Graph netural networks (GNNs) can be used for graph-based network intrusion detection, capturing both edge features and a network's topological informationas seen in the example of Graph SAmple and aggreGatE (GraphSAGE) detecting malicious information flow in IoT networks [30].…”

Section: Utilizing Machine Learning On Cybersecurity Knowledge Graphsmentioning

confidence: 99%

Cybersecurity knowledge graphs

Sikos

2023

Knowl Inf Syst

View full text Add to dashboard Cite

Cybersecurity knowledge graphs, which represent cyber-knowledge with a graph-based data model, provide holistic approaches for processing massive volumes of complex cybersecurity data derived from diverse sources. They can assist security analysts to obtain cyberthreat intelligence, achieve a high level of cyber-situational awareness, discover new cyber-knowledge, visualize networks, data flow, and attack paths, and understand data correlations by aggregating and fusing data. This paper reviews the most prominent graph-based data models used in this domain, along with knowledge organization systems that define concepts and properties utilized in formal cyber-knowledge representation for both background knowledge and specific expert knowledge about an actual system or attack. It is also discussed how cybersecurity knowledge graphs enable machine learning and facilitate automated reasoning over cyber-knowledge.

show abstract

“…This section aims to discuss how to utilize the KG to analyze and attribute the malware. Najafi et al [130] devised MalRank, a graph-based malware rank inference model aimed to predict a node's maliciousness by its associations with the other entities in the KG, such as common IP ranges or dns servers. This essay presented a KG that builds global relationships among entities detected in proxy and IDS logs, enhanced with related CTI and open-source intelligence (OSINT).…”

Section: Malware Attribution and Analysismentioning

confidence: 99%

Recent Progress of Using Knowledge Graph for Cybersecurity

et al. 2022

View full text Add to dashboard Cite

In today’s dynamic complex cyber environments, Cyber Threat Intelligence (CTI) and the risk of cyberattacks are both increasing. This means that organizations need to have a strong understanding of both their internal CTI and their external CTI. The potential for cybersecurity knowledge graphs is evident in their ability to aggregate and represent knowledge about cyber threats, as well as their ability to manage and reason with that knowledge. While most existing research has focused on how to create a full knowledge graph, how to utilize the knowledge graph to tackle real-world industrial difficulties in cyberattack and defense situations is still unclear. In this article, we give a quick overview of the cybersecurity knowledge graph’s core concepts, schema, and building methodologies. We also give a relevant dataset review and open-source frameworks on the information extraction and knowledge creation job to aid future studies on cybersecurity knowledge graphs. We perform a comparative assessment of the many works that expound on the recent advances in the application scenarios of cybersecurity knowledge graph in the majority of this paper. In addition, a new comprehensive classification system is developed to define the linked works from 9 core categories and 18 subcategories. Finally, based on the analyses of existing research issues, we have a detailed overview of various possible research directions.

show abstract

MalRank

Cited by 28 publications

References 27 publications

AGCN-Domain: Detecting Malicious Domains with Graph Convolutional Network and Attention Mechanism

AGCN-Domain: Detecting Malicious Domains with Graph Convolutional Network and Attention Mechanism

Cybersecurity knowledge graphs

Recent Progress of Using Knowledge Graph for Cybersecurity

Contact Info

Product

Resources

About